Project

General

Profile

Tâche #22341

Scénario #22213: Diagnose devrait signaler que le certificat utilisé ne correspond pas à l'adresse du module

diagnose certificats : comportement TestCerts à valider

Added by Fabrice Barconnière over 3 years ago. Updated over 3 years ago.

Status:
Fermé
Priority:
Normal
Start date:
09/26/2017
Due date:
% Done:

100%

Estimated time:
1.00 h
Spent time:
Remaining (hours):
0.0

Description

Vérifier la validité de la commande openssl ligne 228 :

ssl_cmd="/usr/bin/openssl verify -CAfile $CAFILE -purpose any $CERTFILE" 

Le résultat semble toujours OK sans l'utilisation de l'option -CApath

Voir creole:906992476b0b


Related issues

Related to Distribution EOLE - Tâche #22335: Tester la validité du SubjAltName du certificat défini dans gen_config Fermé 11/28/2017

Associated revisions

Revision eef7c44a (diff)
Added by Fabrice Barconnière over 3 years ago

Le diagnose des certificats ne gérait pas tous les codes d'erreurs

ref #22341

Revision 3329f887 (diff)
Added by Fabrice Barconnière over 3 years ago

Le diagnose des certificats ne gérait pas tous les codes d'erreurs

ref #22341

Revision eebc3856 (diff)
Added by Fabrice Barconnière over 3 years ago

Le diagnose du SSO testait 2 fois la même chose suite à creole:3329f887

ref #22341

Revision 4ea80979 (diff)
Added by Fabrice Barconnière over 3 years ago

Le diagnose répondait OK si le certificat était expiré

ref #22341

History

#1 Updated by Gwenael Remond over 3 years ago

  • Assigned To set to Gwenael Remond

#2 Updated by Scrum Master over 3 years ago

  • Status changed from Nouveau to En cours

#3 Updated by Gwenael Remond over 3 years ago

  • Assigned To deleted (Gwenael Remond)

#4 Updated by Gwenael Remond over 3 years ago

  • Status changed from En cours to Nouveau

#5 Updated by Gwenael Remond over 3 years ago

  • Related to Tâche #22335: Tester la validité du SubjAltName du certificat défini dans gen_config added

#6 Updated by Fabrice Barconnière over 3 years ago

  • Status changed from Nouveau to En cours

#7 Updated by Fabrice Barconnière over 3 years ago

  • Assigned To set to Fabrice Barconnière

#8 Updated by Fabrice Barconnière over 3 years ago

  • Status changed from En cours to Résolu
  • % Done changed from 0 to 100
  • Remaining (hours) changed from 1.0 to 0.1

#9 Updated by Fabrice Barconnière over 3 years ago

  • Status changed from Résolu to En cours
  • Parent task changed from #22216 to #22213

#10 Updated by Fabrice Barconnière over 3 years ago

  • % Done changed from 100 to 80
  • Remaining (hours) changed from 0.1 to 1.0

Le diagnose SSO teste 2 fois la même chose maintenant :

** Service SSO                                                                                                                [37/135]
.                         SSO => Ok
*** Service SSO (expiration du certificat)
.                    eole.crt => Ok
.                DNS reconnus => scribe.etb1.lan etb1.ac-test.fr 
*** Service SSO (certificat validé par l'autorité configurée)
.                    eole.crt => Ok
.                DNS reconnus => scribe.etb1.lan etb1.ac-test.fr

#11 Updated by Fabrice Barconnière over 3 years ago

  • % Done changed from 80 to 100
  • Remaining (hours) changed from 1.0 to 0.1

#12 Updated by Fabrice Barconnière over 3 years ago

  • Status changed from En cours to Résolu

#13 Updated by Fabrice Barconnière over 3 years ago

  • Status changed from Résolu to En cours

#14 Updated by Fabrice Barconnière over 3 years ago

  • % Done changed from 100 to 50
  • Remaining (hours) changed from 0.1 to 2.0

Le diagnose renvoie OK quand le certificat est expiré

#15 Updated by Fabrice Barconnière over 3 years ago

  • % Done changed from 50 to 100
  • Remaining (hours) changed from 2.0 to 0.2

Paquet creole 2.6.2-70

#16 Updated by Fabrice Barconnière over 3 years ago

  • Status changed from En cours to Résolu

#17 Updated by Gérald Schwartzmann over 3 years ago

  • Remaining (hours) changed from 0.2 to 0.0

#18 Updated by Gérald Schwartzmann over 3 years ago

Pour un serveur scribe etb1 :

*** Validité du certificat
.                    eole.crt => Ok
.                DNS reconnus => scribe.etb1.lan etb1.ac-test.fr 

*** Service SSO
.                         SSO => Ok
*** Certificat SSO
.                    eole.crt => Ok
.                DNS reconnus => scribe.etb1.lan etb1.ac-test.fr 
*** Messagerie
.               Courrier SMTP => Ok
.              File d'attente => 4 message(s)
.           Messages "Frozen" => 0 message

.               Courrier IMAP => Ok
.                   imapd.pem => Ok
.                DNS reconnus => scribe.etb1.lan etb1.ac-test.fr 

#19 Updated by Gérald Schwartzmann over 3 years ago

  • Status changed from Résolu to Fermé

J'ai passé le test sur un scribe etb1 :
http://squash-tm.eole.lan/squash/executions/7157

Also available in: Atom PDF